how to EVP_SignInit_ex() ?

2005-06-14 Thread coco coco
Sorry if this is a dumb question, I'm not sure why EVP_SignInit_ext() is giving me unhandled exception error. My code is a very simple testing code: char * clearText = testing openssl; char cryptText[MAX_LEN]; char buf[MAX_LEN]; unsigned char ubuf[MAX_LEN];

Re: how to EVP_SignInit_ex() ?

2005-06-14 Thread coco coco
try a EVP_MD_CTX_init() before using the EVP_MD_CTX objects Thanks, not very familiar with openssl at all, this is the first time trying to get something quickly done with openssl. Is there any developer guide, like giving better description of the API provided by openssl, beside the

Re: Need objective arguments against double certificate

2005-06-14 Thread coco coco
Thanks all for replying. More heated debates I guess. _ Don’t just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/

problem verifying signature from java

2005-06-15 Thread coco coco
I'm trying to get a client application written in C++ using OpenSSL to verify a signature sent by a server (in Java) and vice versa. Not sure I specified it correctly, but the signatures generated on both sides, from the same input data, are not the same, and therefore, can't be verify. And

RE: Need objective arguments against double certificate

2005-06-16 Thread coco coco
Thanks all for replying. More heated debates I guess. How can there be a heated debated when there is not yet one argument advanced in favor of the double certificate scheme? I got what you meant, sorry for not being clear. I meant there will be more heated debate between us (the

Re: Need objective arguments against double certificate

2005-06-16 Thread coco coco
Like everyone else, I say this consultant doesn't know what he's talking about (I'm tempted to ask you to tell me who it is, so I can avoid him/her). Can I suggest a different line of attack, though? It's obvious that confronting the consultant by calling bull doesn't win you any points, so how

RE: problem verifying signature from java

2005-06-16 Thread coco coco
I am also facing the similar problem. I am generating signature using OpenSSL and passing in to JAVA to verify (running JAVA test suite). Signature format is in DER encoded PKCS#7 format. But JAVA is not able to parse the SignedData content in the PKCS#7 format. It is giving

RE: Need objective arguments against double certificate

2005-06-16 Thread coco coco
Pease help to fill in items that I might have missed :) The security risk that this non-standard scheme might introduce an unforseen vulnerability. This is, IMO, as likely as that it will protect against some unforseen vulnerability -- the alleged reason for the scheme. Hehe, I was

Re: Need objective arguments against double certificate

2005-06-16 Thread coco coco
Like the commentator, I'm also a little guy. In my case, I'm a retired guy who got his intro to this stuff from Entrust. I got convinced that their two (or more) -certificate solution was right, based upon the following: If you are an employee in an organization, it is valid for the

Re: Need objective arguments against double certificate

2005-06-16 Thread coco coco
I thought the problem was that you were using the same keypair for encryption and signing. So that there really is only one key. I know, the key escrow was designed when the requirements were only for encryption only. Digital signature requirement was added when the consultant got on board.

Re: Need objective arguments against double certificate

2005-06-16 Thread coco coco
Then perhaps your company should hire a security expert to design the security. Defects in portability or performance are low-risk and easily detected, and the cost scales with the time until a patch is deployed. Security vulnerabilities are much more tricky and expensive to detect and the

RE: problem verifying signature from java

2005-06-22 Thread coco coco
Did you got any break through. Sorry, didn't read this list for a while. Actually, the code I put up in my question was correct. The problem was with a Base64 lib that I linked with in C++. The implementation of the library has a small bug, which does not handle the '+' char properly.

Re: problem verifying signature from java

2005-06-22 Thread coco coco
To rule out any problems with your OpenSSL code I'd suggest you check the signatures using the dgst command and if there are problems analyze them using rsautl. Thanks for the reply. I got it, by examining basically every function that touches my data. So, in the end, it was the base64

difference between authenticode certificate and normal certificate?

2005-07-27 Thread coco coco
Hi, Sorry if this is a bit OT, can someone explain what is the difference between an MS Authenticode certificate, a normal certificate, and a certificate for signing Netscape object? What are the bits and bytes that are different? I can't find info detailed enough to give a satisfactory

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread coco coco
Thanks for replying. From: Dr. Stephen Henson [EMAIL PROTECTED] I looked at this some time ago so this may not be up to date... There wasn't anything special about an authenticode certificate provided you didn't set the extensions to specifically exclude the usages. So a vanilla CA and EE

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread coco coco
Just found a link which may help: http://www.thawte.com/support/code/msauth.html#timestamp Thanks a lot. Sorry to sound like a dumbass, but how do I put that information into the certificate when I signed it? :) I mean, how do I specify the URL of the tsa, which extension to use ? If

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread coco coco
Hmmm, I don't have access to the relevant tools for that. Do you have a sample signed macro or certificate that includes this information? hehe, I don't, that's why I can't figure out what to put in there. I tried different extensions, looked up all the stuff I can use in x509v3, to no

Re: difference between authenticode certificate and normal certificate?

2005-07-29 Thread coco coco
Wow, Steve, I must say, you are a god-send! I was still digging in the registry and the msdn site last night for a clue... Had I input the right keyword (TimeStampURL) in google, that would've solved my problem. But I was looking at the wrong place (msdn, which is a pretty useless site), also

Plan for OCSP verifier to LDAP?

2005-08-12 Thread coco coco
Is there any plan to support OCSP verification over LDAP (or LDAP/s)? OT: BTW, could anyone recommend an LDAP client library (C or C++) that works on Windows? Preferably open source. thanks coco _ Express yourself instantly with